Web Filtering/Proxies

I recently stumbled across this blog posting talking about personal web surfing at work. Basically, the blog is commenting on a survey that stated 39% of 18-24 year olds would consider leaving their job if personal web browsing were banned. For the 25-65 demographic (which is an insanely large demographic which begins to bring the validity of the survey into question), the percentage dropped to 16%.

This posting struck me as interesting since the policy of personal web surfing has come up a time or two here as we are going through and creating all these new policies for our SAS 70 audit. I think I would have to side with the 39% in the 18-24 crowd, but then again, I’m almost always against what I refer to as “blanket” policies.

  • No Personal Web Browsing
  • No Personal Phone Calls
  • All Training Cancelled Due to Budget Constraints (this one seemed to happen every year just before a training class I had scheduled at a former employer…I learned to always get training scheduled for the first half of the year)

So, if we are going to allow personal web browsing, we should at least state expectations in the policy somewhere. Even if it is as general as “personal web browsing is allowed as long as it does not interfere with your performance”. Of course, we probably want something about acceptable content as well. Maybe limiting certain types of things like streaming video and music if you have bandwidth issues.

My personal preference is to have a very flexible policy. However, I also think that a company should use a web proxy that requires a login so that a user has to login prior to accessing the external internet. Not only does this allow you to log use and give you some data to back you up if you feel personal browsing is affecting someone’s performance, the fact that the user has to login before getting outside gives them a subtle little reminder that they are being monitored. I know, maybe a little “Big Brother” for some, but if you’re not doing anything wrong there shouldn’t be any issues. If you get some more advanced proxies, they can automatically filter based of content type so you can ban access to obviously inappropriate material. Another interesting concept I’ve seen before was from a small company that just had a simple web proxy and they published the logs for all employees to see. So if John Smith in accounting was going out to some adult website during work, his co-workers could find out. Nothing seems to be quite as big of a motivator as public humiliation 🙂

So, for all of you out there considering blocking web browsing, maybe you want to reconsider if you have a large number of employees in the 18-24 demographic (or probably the 25-30/5 as well). I’d be interested in hearing what some people’s policies are on personal web browsing and how they are enforced if at all.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: